Information processing apparatus, printing system, job processing method, and program used therewith

ABSTRACT

The present invention provides, to an image forming apparatus that cannot interpret access control information representing permission to execute printing, a mechanism for flexibly restricting a print job by using the access control information. Specifically, a proxy server verifies whether the access control information is valid. If the proxy server verifies that the access control information is valid, an ACT in the print job is deleted. The print job with the ACT deleted is queued. The queued print job is transmitted and printed out in the image forming apparatus.

BACKGROUND OF THE INVENTION

1. Field of the Invention

The present invention relates to a mechanism for restricting executionof a print job.

2. Description of the Related Art

In recent years, security for network devices or print job restrictionhas been regarded as important, and various measures have been taken.There is no exception in printing system.

For example, Japanese Patent Laid-Open No. 2002-041443 discloses atechnology in which, when a client PC (personal computer) transmits aprint job to an image forming apparatus, a printing permission (ticket)authenticated by a server is acquired and input to the image formingapparatus with the print job. The ticket describes types of functions ofthe image forming apparatus that are permitted for use by a user whoinputs the print job. On the basis of the ticket, the image formingapparatus flexibly restricts execution of the print job.

However, according to the technology of the related art in JapanesePatent Laid-Open No. 2002-041443, it is necessary for the image formingapparatus to have advanced functions such as a function of verifying theticket added to the input print job. Accordingly, image formingapparatuses for use are limited. In other words, in an image formingapparatus that has no advanced function of interpreting the ticket orthe like, execution of a print job cannot flexibly be restricted asdescribed above.

By way of example, it is expected that similar functions of interpretingtickets are not provided in apparatuses such as image formingapparatuses of previous models, and inexpensive image formingapparatuses without advanced functions.

SUMMARY OF THE INVENTION

The present invention provides an information processing apparatus fortransmitting a print job to an image forming apparatus. The informationprocessing apparatus includes a detection unit configured to detect theaccess control information of the print job, the access controlinformation representing permission of execution of the print job, adetermination unit configured to determine whether or not the accesscontrol information detected by the detection unit is valid, a deletionunit configured to perform deleting the access control informationdetected by the detection unit and determined to be valid by thedetermination unit, and a transmission unit configured to transmit, tothe image forming apparatus, the print job with the access controlinformation deleted.

According to the present invention, a mechanism for flexible restrictingexecution of a print job can be provided to an image forming apparatushaving no advanced function of interpreting the ticket, or the like, asdescribed above.

Further features of the present invention will become apparent from thefollowing description of exemplary embodiments with reference to theattached drawings.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is an illustration of an example of a hardware configuration of aprinting system according to the present invention.

FIG. 2 is a block diagram showing an example of a hardware configurationof an information processing apparatus.

FIG. 3 is a block diagram showing an example of a hardware configurationof an image forming apparatus.

FIG. 4 is a block diagram showing an example of processing andinformation flow in the printing system shown in FIG. 1.

FIG. 5 is a functional block diagram showing an example of software in aclient PC.

FIGS. 6A and 6B are functional block diagrams showing examples ofsoftware in an image forming apparatus.

FIG. 7 is a functional block diagram showing an example of software in aproxy server.

FIG. 8 is a flowchart showing an example of an operation process of theclient PC in a printing mode.

FIGS. 9A and 9B are illustrations of an example of a print job outputfrom the client PC to the exterior.

FIG. 10 is a flowchart showing an example of an operation processconcerning access control information in an authentication server.

FIG. 11 is a table showing examples of job execution restrictioninformation and job execution record information for each user that aremanaged by the authentication server.

FIG. 12 (consisting of FIGS. 12A and 12B) is a flowchart showing anexample of a printing system configuring process executed by using amanagement console.

FIG. 13 is an illustration of an example of a setting screen inconfiguring the printing system.

FIG. 14 is an illustration of an example of a search packet forsearching for a security-support image forming apparatus, and acorresponding response packet.

FIG. 15 is an illustration of an example of a setting screen forconfiguring the printing system.

FIG. 16 is an illustration of an example of a setting screen forconfiguring the printing system.

FIG. 17 is an illustration of an example of a setting screen forconfiguring the printing system.

FIG. 18 is a flowchart showing an example of an operation process of aproxy server.

FIG. 19 is an illustration of an example of job processing in the proxyserver.

FIG. 20 is a flowchart showing an example of an access controlinformation deleting process by the proxy server.

FIG. 21 is a sequence chart showing an example of input of a print jobfrom each issuer in the printing system.

FIG. 22 is a block diagram showing different processing and informationflow in the printing system.

FIG. 23 is a flowchart showing an example of an operation process of theproxy server.

FIG. 24 is a flowchart showing an example of a different access controlinformation deleting process of the proxy server.

DESCRIPTION OF THE EMBODIMENTS

Preferred embodiments of the present invention are exemplified below indetail with reference to the accompanying drawings. However, elementsdescribed in the embodiments are only exemplifications. Accordingly, thescope of the present invention is not limited to the embodiments.

First Embodiment Overall Configuration of Printing System

FIG. 1 is an illustration of an entire configuration of a printingsystem according to each of the following embodiments.

The printing system includes client computers (personal computers (PCs))101 and 105. Each client PC generates and outputs a print job to theexterior. The printing system also includes image forming apparatuses103 and 104. Each image forming apparatus processes each of inputvarious jobs and performs an operation such as recording onto paper. Theprinting system also includes an authentication server 102. Theauthentication server 102 authenticates job execution. The printingsystem also includes a system management server 107. The systemmanagement server 107 manages, in an integrated manner, the client PCs101 and 105, the image forming apparatuses 103 and 104, and proxy server106 (described later) included in the printing system. The proxy server106 functions as a job control apparatus that, by mediating between oneclient PC and one image forming apparatus, outputs a print job from theclient PC to the image forming apparatus. The apparatuses are connectedto one another by a LAN (local area network) 108 complying with acommunication standard of Ethernet. The apparatuses can perform mutualdata communication.

In the first embodiment, the client PCs 101 and 105, the proxy server106, and the system management server 107 are only names fordescription. Actually, these apparatuses can be formed by the samestandard information processing apparatuses.

The following description exemplifies a LAN complying with acommunication standard of Ethernet as a communication medium formediating between apparatuses. However, the communication medium is notlimited to an Ethernet LAN. For example, an Internet communicationnetwork, and a WAN (wide area network) including a plurality of LANs canbe used. In addition, a so-called “wireless LAN” that performs wirelesscommunication using radio waves and radiation in accordance with astandard such as IEEE (Institute of Electrical and Electronic Engineers)802.11b can also be used. Furthermore, also a form in which apparatusesare connected by a local interface such as IEEE 1284 or USB (UniversalSerial Bus) can be used.

Hardware of Information Processing Apparatus

FIG. 2 is a block diagram showing an example of an internalconfiguration of each of the apparatuses 101, 102, 105 to 107 realizingan embodiment of the present invention. A CPU (central processing unit)201 executes a program stored in a RAM (random access memory) 202 or thelike. In addition, the CPU 201 loads, into the RAM 202, a program anddata stored on a flexible disk 210 or hard disk 212 as a nonvolatilememory device, and stores the content of the RAM 202 in the flexibledisk 210 or hard disk 212. Each of a flexible disk controller 209 and ahard disk controller 211 reads/writes data from/to a storage medium. Avideo controller 203 outputs visual information to a connected display204. A keyboard/mouse 206 is an input device for inputting various typesof data. Inputs from these devices are processed by a program running onthe CPU 201 after passing through the keyboard/mouse controller 205. Anetwork controller 207 is connected to the LAN 108 shown in FIG. 1 by ahub 208, and communicates with each apparatus on the network. Inaddition, under the control of the printer port controller 213, theapparatus can directly communicate with an image forming apparatus 214connected to a printer port. The image forming apparatus 214 correspondsto one of the image forming apparatuses shown in FIG. 1. The CPU 201,the RAM 202, and each controller are connected to an internal bus 215,and exchanges control information and data.

Hardware of Image Forming Apparatus

FIG. 3 is a block diagram showing hardware of an image forming apparatusin the first embodiment.

On the basis of a control program or the like stored in a ROM (read-onlymemory) 303 or hard disk 304, the CPU 301 of the image forming apparatusoverall controls accessing of various types of devices connected to asystem bus 311. In addition, the CPU 301 has a function of expanding anexternally received page description language into image data in aformat that is printable by a printer engine 308, and outputting theimage data as output information to a page memory 307 connected througha video interface (not shown). A RAM 302 functions as a main memory, awork area, etc., for the CPU 301. The output information stored in thepage memory 307 is printed onto a recording medium by the printer engine308. A network communication control unit 305 exchanges various types ofdata with an external apparatus through a LAN. In addition, a localcommunication control unit 310 similarly exchanges various types of datawith the rest of the system through a local communication party. Anoperation unit 309 includes a display panel and a keyboard. Theoperation unit 309 provides an operator with information, and receivesinstructions input by the operator.

Overall Printing System

FIG. 4 is a schematic block diagram showing software function conceptsof the apparatuses shown in FIG. 1. An outline of the flow ofinformation between apparatuses in the printing system is describedbelow with reference to FIG. 4.

The printing system is configured by steps S401 to S405. In step S401,the network is searched for an image forming apparatus from a managementconsole. The management console is management software provided in thesystem management server 107. In the following description, eachsentence having the management console as a subject indicates that thesystem management server 107 is a main processor.

In step S402, configuration information of various types is acquiredfrom each image forming apparatus found by searching. On the basis ofthe acquired configuration information of the image forming apparatus,the management console identifies whether the image forming apparatus issecurity-supported. The configuration information includes at leastinformation exemplified in FIG. 14 (described later), and informationcorresponding thereto.

In step S403, the identified image forming apparatus is requested by themanagement console 107 to set a port filter so that the image formingapparatus is prevented from receiving data from an apparatus differentfrom the proxy server 106. For example, in step S403, the image formingapparatus is requested to set an IP (Internet protocol) block.

In step S404, the proxy server 106 is requested to create a queue foroutputting a job. The queue is created by the proxy server 106 on thebasis of the request in step S404, whereby a print job can be output tothe image forming apparatus in step S410.

In step S405, a printer driver is delivered from the management console107 to the client PC 101. The delivered printer driver includes aspecification (such as an IP address, a MAC (media access control)address, or a device name) of an image forming apparatus serving as afinal output destination (transmission destination), and a specificationof the proxy server 106, which serves as a job output destination(transmission destination).

The proxy server 106 shown in FIG. 4 can be substituted by a commoninformation processing apparatus. The proxy server 106 does not need tobe particularly limited to a proxy server. Accordingly, the proxy server106 is used as an example for description.

Next, how a print job is input to the image forming apparatus in theprinting system including steps S401 to S405 is described below.

When, in step S406, the client PC 101 is used to perform printing, theclient PC 101 issues an authentication request to the authenticationserver 102. After receiving the authentication request, theauthentication server 102 authenticates the authentication request. Ifthe authentication server 102 detects no problem, in step S407, theauthentication server 102 issues an access control token (abbreviated asan “ACT”) as access control information. In step S408 or S411, theclient PC 101 combines the ACT acquired from the authentication server102 and a created print job, and transmits the combination to the outputdestination.

When the image forming apparatus 103, which is security-unsupported, isspecified as a final job input destination, the proxy server 106 is setas a job output (transmission) destination from the client PC 101. Afterreceiving data corresponding to step S408, in step S1807 (describedlater), the proxy server 106 verifies whether the ACT is valid. If theproxy server 106 has verified the validity of the ACT, in step S409, theproxy server 106 executes processing for deleting the ACT. In step S410,the print job with the ACT deleted is transmitted to the image formingapparatus 103 by the proxy server 106. The image forming apparatus 103processes the job received correspondingly to step S410, and prints outthe result of processing.

When the image forming apparatus 104, which is security-supported, isspecified as the job input destination, the client PC 101 does notdelete the ACT. In step S411, the client PC 101 transmits, to the imageforming apparatus 104, the print job in a form combined with the ACT.

The access control information is more specifically described below. Theaccess control information includes at least the following twofunctions. One is that the access control information includesinformation indicating that the print job input to a device is reliabledata. For example, a hash value indicating that data has not beentampered with, and a digital signature representing an issuer areincluded. A device that analyzes an ACT recognizes, on the basis ofthese pieces of information, that the ACT is valid. The other one isthat the access control information has a function as restrictioninformation or job execution permission. After verifying that the ACT isreliable, the device restricts or suppresses job execution (service) onthe basis of a printing function whose execution may be permitted, theprinting function being further described in the ACT.

In the following description, the ACT is used as the access controlinformation. Any information having at least one of the above twofunctions may comprise the access control information.

The dotted lines shown in FIG. 4 indicate boundaries of softwarefunctions of computers. In general, in the same computer, processboundaries exist, and, between different computers, network boundariesexist. Each boundary indicated by the dotted line indicates one of aprocess boundary or a network boundary. Although, for example, theauthentication server 102 and the management console 107 are shown asdifferent apparatuses in FIG. 4, the printing system can be formed byincluding the authentication server 102 and the management console 107in a single client computer.

Software Functions of Client Software

FIG. 5 is a functional block diagram showing software functions of aclient PC in the first embodiment.

When receiving a printing request from an application program 501, aprinter driver 503 transmits, to the authentication server 102, anauthentication request including user authentication information such asa user name and a password, and an identifier of the image formingapparatus 104. After receiving the authentication request, by checkingwhether the authentication information has been registered beforehand,the authentication server 102 determines whether the authenticationinformation is appropriate. If the authentication information isappropriate, the authentication server 102 sends back the ACT as theaccess control information. Alternatively, if the authenticationinformation is not appropriate, the authentication server 102 sends backan error. What type of restriction (or permission) is set for each pieceof authentication information for creating an ACT is described in detailwith reference to FIG. 11 (described later).

After receiving the ACT, the printer driver 503 generates a print jobwith the ACT by adding the ACT to a print job generated on the basis ofa printing instruction from the application program 501. The printerdriver 503 temporarily stores the print job with the ACT in a spool 505.The temporarily stored print job is transmitted when an apparatus as anoutput destination becomes capable of reception.

Software Functions of Security-Supported Image Forming Apparatus

FIGS. 6A and 6B are block diagrams showing software functions of asecurity-supported image forming apparatus in the first embodiment. Thesecurity-support image forming apparatus corresponds to an image formingapparatus capable of interpreting access control information in thefirst embodiment. FIGS. 6A and 6B include some hardware blocks fordescription.

A network interface 401 is connected to the LAN 108 shown in FIG. 1, andperforms data communication with different apparatuses similarlyconnected to the LAN 108. Data received through the network interface401 is used for a protocol stack 402 to assemble data in accordance witheach protocol layer, and, under mediation of a device control unit 408,the assembled data is sent and analyzed in a command analyzing unit 403.

In addition, the information processing apparatus has a local interface407, such as IEEE 1284 or USB, other than the network interface 401. Byconnecting an information processing apparatus to the local interface407, a processing request from the connected information processingapparatus can be received. Under mediation of the device control unit408, data received through the local interface 407 is also sent andanalyzed in the command analyzing unit 403.

When an analysis by the command analyzing unit 403 indicates that thereceived data is a print job including the ACT, a security control unit416 checks encryption/decryption processing and an access right. Thesecurity control unit 416 has an ACT judgment function of judgingwhether the ACT is valid, that is, whether the ACT has not been tamperedwith. The security control unit 416 also has a print job attributerestricting function of restricting or suppressing execution of somefunction or functions of the print job on the basis of restriction orpermission information described in the ACT, and subsequently notifyinga post stage.

When the analysis of the command analyzing unit 403 identifies thereceived data as a print job (such as page description data or printingsetting data) including no ACT, the data management unit 409 stores thereceived data in a print queue occupying a predetermined region of adata storage unit 410.

A job control unit 411 monitors the print queue of the data storage unit410. When the job control unit 411 detects a print job, the job controlunit 411 confirms whether printing is possible by querying a printcontrol unit 414. If the printing is possible, print data included in aprint job placed at the start of the print queue in the data storageunit 410 is transferred to an image processing unit 412.

The image processing unit 412 converts the print data into a print imagefor one page by performing various types of image processing. Thegenerated print image for one page is transferred to a page memory 413.After detecting the print image in the page memory 413, a print controlunit 414 instructs a printer engine 415 to print the content of the pagememory 413 onto a printing medium. The print request is processed byrepeatedly performing image processing of the image processing unit 412,expansion to the page memory 413, and printing of the printer engine415.

In addition, an input/output control unit 406 acquires an image formingapparatus state from the device control unit 408, and the imagegenerating unit 404 generates a display screen on the basis of theacquired state. After that, the image generating unit 404 displays thedisplay screen on the operation panel 405. In addition, when the imagegenerating unit 404 is notified by the operation panel 405 that (forexample) contact of a user's finger has been detected, the imagegenerating unit 404 performs processing associated with a screenelement, such as a button, corresponding to a position of contact (forexample on a touch sensitive screen).

Software Functions of Security-Unsupported Image Forming Apparatus

FIG. 6B is a software function block diagram of the security-unsupportedimage forming apparatus 103 in the first embodiment. Thesecurity-unsupported image forming apparatus 103 corresponds to an imageforming apparatus that cannot interpret the access control informationin the first embodiment. The security-unsupported image formingapparatus 103 shown in FIG. 6B differs from the image forming apparatusshown in FIG. 6A in that the security control unit 416 is not included.The other software functional blocks are not described in detail sincethey are similar to those shown in FIG. 6A. When thesecurity-unsupported image forming apparatus 103 receives theabove-described ACT, the image forming apparatus 103 regards thereceived ACT as an invalid command, discards the data, and sends back anerror. Alternatively, the image forming apparatus 103 executesmisprinting.

Software Functions of Proxy Server

FIG. 7 is a software functional block diagram of the proxy server 106 inthe first embodiment.

A network control unit 701 transmits/receives data to/from an externalapparatus through the LAN 108. When externally receiving a queuecreating request through the network control unit 701, a requestprocessing unit 702 installs a driver set 703 in the proxy server 106 sothat a job is received. A port monitor 704 uses the network control unit701 to perform job transmission and reception, image forming apparatusstate acquisition, etc. A job analyzing unit 705 analyzes whether thereceived job has an appropriate format. If the received job does nothave any appropriate format, processing concerning the job is finishedby sending back an error. If the received job has the appropriateformat, a job shaping unit 706 establishes consistency between thereceived job and details of restriction/permission described in an ACT.A spooler 707 stores the consistency-established job in a data storageunit 708 that is part of a storage device such as a hard disk. If theport monitor 704 determines that the image forming apparatus is able toreceive the job, at the same time, the spooler 707 extracts the job fromthe data storage unit 708, and transmits the job to the image formingapparatus. In addition, the finishing processing concerning the job,which controls the inappropriate format job not to be transmitted, isdescribed in detail with step S1807 (described later).

Authentication Request from Client PC

FIG. 8 is a flowchart showing a printing operation of the client PC inthe first embodiment. When the printing operation is started by a user'soperation or the like, in step S801, the number of sheets produced byprinting is predicted. The number of sheets by printing can be predictedon the basis of a header description in original data transferred to theprinter driver 503 for printing, or in such a manner that the printerdriver analyzes drawing commands. Prediction in step S801 of the numberof sheets produced by printing is optional. Even if the prediction isnot performed, the sprit of the present invention is not damaged. Apredicted number of sheets produced by printing can be stored as atemporary variable in the RAM 202 as a temporary storage area.

In step S802, the authentication server 102 is requested to issue anACT. Specifically, packets for requesting issuance of an ACT are sent tothe authentication server 102 through a communication unit. A responsefrom the authentication server 102 is awaited. If the response isreceived, from received packets, received data is extracted andreconfigured before being stored in the RAM 202. In addition, when theauthentication server 102 is requested to issue an ACT, the number ofsheets predicted in step S801 is passed as an argument to theauthentication server 102.

In step S803, it is determined whether the ACT has correctly beenacquired from the authentication server 102 in step S802.

If the ACT has correctly been acquired, the printing operation proceedsto step S804. Alternatively, if it is determined on the basis of somereason that the ACT has not correctly been acquired, the printingoperation proceeds to step S805. In step S804, the original data, whichis to be printed, is converted into print data capable of being sent tothe device, and the ACT acquired in step S802 is added to the printdata. The obtained data is sent as print job data to an outputdestination. FIG. 9A shows an example of a print job format for sendingthe ACT (902) and the print data (903) as a set to the device.

Specific Example of Access Control Information

FIG. 9B is an illustration of an example of the content of the ACT inthe first embodiment. This is acquired from the authentication server102 in step S802 in FIG. 8 and corresponds to the access controlinformation portion 902 shown in FIG. 9. Although, in the firstembodiment, the ACT is described in an XML (Extensible Markup Language)format, the format of the ACT is not limited to the XML format.

As shown in FIG. 9B, a portion 904 represents information concerning auser who acquires this ACT. This example indicates that the user isTaro, that a roll called PowerUser is assigned to the user, and that amail address is taro@xxx.yyy. A portion 905 describes a function whoseexecution is permitted in the image forming apparatus 103, 104, or thelike, by the user who acquires this ACT. The portion 905 represents afunction as restriction information or job execution permission of theACT. In this example, a printing function called “PDL Print” is usablefrom a personal computer, and function restriction in printing describespermission to execute color printing, and no permission to executeone-side printing (indicated by Simplex).

A portion 906 describes an upper limit number of sheets produced byprinting that is usable in the image forming apparatus 103, 104, or thelike, by the user who acquires this ACT. In this example, an upper limitnumber of sheets produced by color printing is 1000 for the entiresystem, and an upper limit number of sheets produced by monochromeprinting is 1000 for the entire system.

Operation of Authentication Server

FIG. 10 is a flowchart showing an operation process of theauthentication server 102 in the first embodiment.

In step S1001, issuance of an event is awaited. If the event has beenissued, the operation proceeds to step S1002.

In step S1002, it is determined whether the event issued in step S1001is an ACT issuing request including user authentication information. Ifit is determined that the issued event is the ACT issuing request, theoperation proceeds to step S1003.

In step S1003, by communicating with the authentication server 102, theauthentication server 102 is queried about the job restrictioninformation shown in FIG. 11. Among pieces of the job restrictioninformation shown in FIG. 11, a piece of job restriction information isreferred to, the piece of job restriction information corresponding touser information specified on the basis of user authenticationinformation included in the ACT issuing request. The job restrictioninformation is stored in a storage area of the authentication server102. Referring to the job restriction information may be performed in aform in which the job restriction information is directly referred to,and in a form in which the job restriction information, which is storedin a different information processing apparatus, for example, adatabase, is acquired by query.

In step S1004, on the basis of the job restriction information obtainedin step S1003, it is determined whether an ACT can be issued. If it isdetermined that the ACT can be issued, the operation proceeds to stepS1005.

In step S1005, the ACT shown in FIG. 9B is generated, and signing isperformed on the generated ACT in order to guarantee its validity. Inthe signing, information, such as a digital signature encrypted with anencryption key and an ACT validity time limit, is generated. In stepS1008, responding to the printer driver 503 with the ACT is performed.In verification of the validity of the ACT, both the digital signatureand the validity time limit may be used, and either one may be used.

If, in step S1004, it is determined that the ACT cannot be issued, theoperation proceeds to step S1006. In step S1006, the printer driver 503is notified that the ACT cannot be issued.

After step S1006, S1007, or S1008 finishes, the operation returns tostep S1001 and issuance of the next event is awaited.

Each User's Restriction Information and Job Record Information Managedby Authentication Server

FIG. 11 shows user-unit function restriction and record informationstored in a storage unit of the authentication server 102.

As shown in FIG. 11, a portion 1101 contains IDs of users registered inthe system. In this example, three users, TARO, JIRO, and HANAKO, areregistered. In a portion 1102, for each user, the number of sheetsactually produced by monochrome printing is recorded. In a portion 1103,for each user, the number of sheets actually produced by color printingis recorded. The symbol “−” for HANAKO represents prohibition of colorprinting for the user “HANAKO”. Each of portions 1104 and 1105represents an upper limit number of sheets that can be produced byprinting for each user. A portion 1106 contains user-job-issuance-stateflags, each representing a time from ACT issuance to a user throughcompletion of printing. In a portion 1107, for each user, a predictednumber of sheets of paper to be used in monochrome mode in printingbeing presently executed by the user is described. Similarly, in aportion 1108, for each user, a predicted number of sheets of paper to beused in color mode in printing being presently executed by the user isdescribed.

In FIG. 11, monochrome printing and color printing have been describedas examples of functions of the image forming apparatus. However,various functions of the image forming apparatus, for example, such asstapling and one-side printing, may be described as functioninformation.

Operation of System Management Server

FIG. 12 is a flowchart showing an operation process of the managementconsole 107 in the first embodiment. The operation of the managementconsole 107 is described below by also using FIGS. 13 to 17.

Search for Security-Support Image Forming Apparatus

In step S1201, it is determined whether a search instruction has beeninput by a user. This search instruction is executed, for example, bypressing a search button 803 on a screen displayed on the managementconsole 107. At this time, after receiving SNMP (Simple NetworkManagement Protocol) broadcast packets, the image forming apparatuses103 and 104 send responses to the management console 107. Althoughexchange of various types of information by using SNMP is described, adifferent protocol can be used. For example, various types ofinformation can be acquired by using the HTTP GET method, and varioussettings can be configured by using the HTTP POST method.

The management console 107 transmits an SNMP packet to each imageforming apparatus that responds to the search in step S1202, excludingan image forming apparatus that is under management, in order for theimage forming apparatus to transmit its configuration information. Afterreceiving the SNMP packet, the image forming apparatus sends back aresponse including specified configuration information to the managementconsole 107.

In step S1203, by analyzing the response from each image formingapparatus, it is identified whether the image forming apparatus issecurity-supported. On the basis of the result of identifying in stepS1204, image forming apparatuses that send back configurationinformation are displayed on the image forming apparatus list 801 shownin FIG. 13. In the field 802 shown in FIG. 13, a result of identifyingis displayed.

In step S1205, image forming apparatus selecting is performed. Theselecting indicates that, by using a mouse to click on a selected fieldor pressing a select button 805, on the image forming apparatus list801, a highlighted item (corresponding to the field 802 in FIG. 13) isselected as an image forming apparatus that performs the nextprocessing. In addition, by pressing a detail button 807 whenhighlighted, acquired configuration information can be viewed. Inaddition, on a filter setting screen (not shown) that is displayed bypressing a filter button 806, items displayed on the image formingapparatus list 801 can arbitrarily be altered. By pressing a cancelbutton 809 (YES in step S1206), the process is finished.

In step S1207, it is determined whether the “NEXT (>)” button 808 shownin FIG. 13 has been pressed. By selecting, on the image formingapparatus list 801, an image forming apparatus whose configuration isneeded (“YES” in step S1208), and pressing the “NEXT (>)” button 808,the management console 107 proceeds to step S1209. When all imageforming apparatuses selected on the image forming apparatus list 801 inFIG. 13 are security-supported, the client configuration screen shown inFIG. 16 is displayed.

Search Packet and Response Packet

FIG. 14 shows an example of a search packet and a response packet. FIG.14 is a schematic illustration of an SNMP packet structure for use insearching for a security-support image forming apparatus. An SNMP packetincludes version, community, and data fields. When MIB (ManagementInformation Base) information is acquired from an image formingapparatus, GetRequest-PDU (Protocol Data Units) is used in the datafield. A search packet is transmitted in a state in which, in the datafield, OID (Object IDentifier) corresponding to MIB information acquiredin a name field 1401 is set in a variable-bindings field, and NULL isset in a value field 1402. Accordingly, in a response packet sent fromthe image forming apparatus, when a value corresponding to the namefield 1401 is set in the value field 1402 of GetResponse-PDU, an errorcode is set in an error-status field. Even if no specified OID exists,an error code is set in the error-status field. In other words, an SNMPGetRequest packet in which OID representing security-function-relatedMIB is set in the name field 1401 is transmitted to the image formingapparatus. When, in an SNMP GetResponse packet received as a response,noSuchName(2) is set in an error-status field, it is determined that theimage forming apparatus is security-unsupported.

Selection of Proxy Server from List

In step S1209, it is determined whether the image forming apparatusselected in step S1208 is security-unsupported. If it is determined instep S1209 that the selected image forming apparatus issecurity-unsupported, in step S1210, a proxy server list is displayed.

FIG. 15 is an illustration of an example of a proxy server selectionscreen in the first embodiment. A proxy server list 1501 of proxyservers registered in the management console 107 beforehand isdisplayed. Registration of proxy server is described later.

In step S1211, by using the mouse to click on a portion of the proxyserver list 1501, or pressing a select button 1503, with a cursor placedon the proxy server list 1501, a proxy server to be used can beselected. By pressing a detail button 1504, a proxy server detail dialogscreen (not shown) is displayed, and proxy server information can bedisplayed.

By pressing a “BACK BUTTON (<)” 1505, the image forming apparatusconfiguration screen shown in FIG. 13 is displayed. By pressing a CANCELbutton 1507, the process is finished.

By selecting a proxy server on the proxy server list 1501, a “NEXT (>)”button 1506 can be activated. By pressing the “NEXT (>)” button 1506,the client configuration screen shown in FIG. 16 is displayed.

Registration of Client PC

FIG. 16 shows an example of a setting screen for setting a client PCthat allows participation to the printing system.

On a client list 1001, client PCs that are registered beforehand aredisplayed. By using the mouse to click or pressing a select button 1003,a client PC whose configuration is needed can be selected. By pressing adetail button 1004, with the client PC selected, client information canalso be displayed. By pressing a “BACK (<)” button 1005, the proxyselection screen shown in FIG. 15 is displayed. When all the informationprocessing apparatuses selected on the image forming apparatus list 801are security-support, the information processing apparatus configurationscreen shown in FIG. 13 is displayed. In addition, by pressing theCANCEL button 1007, the process is finished.

Setup Process of System Management Server

In step S1223, on the basis of screen settings that have been described,for each client PC, the management console 107 performs installationincluding delivery of a printer driver set, image forming apparatussetup, and various setting of proxy server. When an image formingapparatus (corresponding to the image forming apparatus 103) that issecurity-unsupported is selected on the image forming apparatus list inFIG. 13, in step S1223, an SNMP request for configuring network settingsis issued to the image forming apparatus so that it can receive only aprocessing request from the selected proxy server 106. Accordingly, theimage forming apparatus receives the processing request only from theproxy server 106. SNMP requests include, for example, MIB concerning IPblock setting for rejecting reception of data from an IP addressapparatus other than the proxy server 106.

In step S1223, the selected proxy server 106 is requested to generate aqueue for decoding and storing a print job associated with the imageforming apparatus. In addition, as described above, in step S1223, forthe client PC selected on the client configuration screen shown in FIG.16, delivery and installation of a printer driver set for inputting aprint job to the image forming apparatus are performed. The printerdriver set is configured to transmit a job generated by the printerdriver not to the image forming apparatus but to the proxy server 106.In the described processing, a request of the client PC 101 for printingor the like can directly be sent to the image forming apparatus 104 thatare security-supported, and can be sent to the image forming apparatus103 that are security-unsupported via the proxy server 106.

Registration of Proxy Server

FIG. 17 shows an example of a proxy server registration screen displayedon the management console 107 in the first embodiment. A field 1101 isused to input an IP address of a proxy server. The IP address can bearbitrarily by an operator. A field 1102 is used to input a networkaddress to be associated with the proxy server. A field 1103 is used toinput the name of the proxy server. By pressing a SET button 1105, withthe fields 1101 to 1103 filled, the proxy server can newly beregistered. The registered proxy server is displayed on a registeredproxy server list 1104 and on the proxy server list 1501.

By selecting a proxy server from the registered proxy server list 1104,an EDIT button 1106 and a DELETE button 1107 are activated. By pressingthe EDIT button 1106, settings of the presently selected proxy serverare set in the proxy server IP in the field 1101, the network in thefield 1102, and the server name in the field 1103. By altering somesetting value, and pressing the SET button 1105, the settings of theselected proxy server can be altered. In addition, by pressing theDELETE button 1107, the presently selected proxy server can be deletedfrom among the registered proxy servers. By pressing a COMPLETE button1108, this screen is closed.

Operation of Proxy Server

FIG. 18 is a flowchart illustrating an example of an operation processof a proxy server in the first embodiment. This operation corresponds toa case in which the proxy server 106 receives the print job (FIG. 4) tothe image forming apparatus 103 that is security-unsupported, andexecutes step S410.

In step S1801, the proxy server 106 determines whether a queue creatingrequest has been received from the management console 107. The queuecreating request corresponds to the above-described steps S404 andS1223.

If the proxy server 106 has not received the queue creating request, theprocess proceeds to step S1804. If the proxy server 106 has received thequeue creating request, in step S1802, installation of the printerdriver set is performed. This installation represents installation of aprinter driver set of a Windows system in queue creation when the printqueue creating request is received from the management console 107. Instep S1803, by setting an output destination of the port monitor to animage forming apparatus IP address included in the queue creatingrequest, the creating is completed and the process proceeds to stepS1801. The printer driver set represents the above-described jobanalyzing unit 705, job shaping unit 706, spooler 707, and port monitor704 in FIG. 7.

In step S1804, it is determined whether a job has been received (input)from the client PC. If the job has not been received, the processproceeds to step S1813. The reception of the job may correspond to inputof data read from a hard disk of the proxy server 106. If the job hasbeen received, in step S1805, it is determined whether the job includesan added ACT. If the job does not include the ACT, in step S1806, anerror is sent back to the client PC, and the process proceeds to stepS1813. If, in step S1805, it is determined that the job includes theACT, in step S1807, the ACT is verified. If, in step S1808, it isdetermined that the ACT is not valid, the process proceeds to step S1806for sending back an error. Regarding identifying of the ACT, since, forexample, a portion from the start to predetermined byte of the jobincludes an ACT identifier, by identifying the ACT identifier, it can beconfirmed whether the ACT is included. Details are described later withreference to FIG. 20. The proxy server 106 may save the data of the jobin hard disk 212 or discard the data of the job when the proxy server106 executes processing of step S1804 and does not subsequently transmitthe job to the image forming apparatus.

Verification in step S1807 of whether the ACT is valid is performed byverifying a digital signature included in the ACT, and by checkingwhether a validity period expires. For details, for example, anencrypted digital signature is decrypted by using a public key, and dataobtained by decryption is sent back to the authentication server 102,which is a creator of the digital signature. The authentication server102 receives the data and the data indicates that the ACT is valid,whereby it can be determined that the ACT is valid. In addition, afterthe encrypted digital signature is similarly decrypted by using thepublic key, if the present date and time of the ACT are within thevalidity period, it is determined the ACT is valid. In verification ofthe validity of the ACT, both a digital signature and a validity periodmay be used, or either one may be used.

If, in step S1808, the result of verification in step S1807 indicatesthat the ACT is valid, in step S1809, it is determined whether jobconsistency with restriction information of the ACT is established. Forexample, it is assumed that color printing is not set to be performed bythe description of the restriction information of the ACT as shown inFIG. 9B. This corresponds to a case in which ColorPrint in the portion905 in FIG. 9B is Deny. In this assumed case, if color setting of thejob represents monochrome printing, it is determined that the jobconsistency is established. In addition, if the color setting of the jobis color printing although color printing is set so as not to beperformed in the description of the restriction information of the ACT,it is determined that the job consistency is not established. In thiscase, job shaping in step S1810 changes the color setting to monochromeprinting before the process proceeds to step S1811. In step S1811, theACT is deleted, and, in step S1812, the print job without the ACT isqueued in a transmission queue (corresponding to the data storage unit708 in FIG. 7). The deletion of the ACT in step S1811 is shown in FIG.19.

Regarding the deletion of the ACT, when the print job is queued, it isnecessary to determine a boundary between the ACT and the job. Here, aheader portion of the ACT includes size information. Accordingly, on thebasis of the size information, the start of the job can be detected.

If, in step S1809, it is determined that the job consistency isestablished, the process proceeds to queuing in step S1812 withoutprocessing the job.

In step S1813, it is determined whether the queued print job has beenqueued, and, in step S1814, it is determined whether the image formingapparatus 103 is capable of printing. At the time that it is determinedthe image forming apparatus 103 is capable of printing, in step S1815,the print job is transmitted from the start of the transmission queue.

In step S1816, the proxy server 106 determines whether a terminationrequest has been received. If the proxy server 106 has received atermination request, proxy processing finishes. Until the proxy server106 receives a termination request, steps S1801 to S1816 are repeatedlyperformed.

FIG. 20 is a detailed flowchart of the ACT deletion and print jobqueuing in steps S1811 and S1812 shown in FIG. 18.

In step S2001, it is determined whether data has been input. Thisindicates that the process has proceeded to step S1811 after step S1809or S1810 in FIG. 18 finishes.

After each of steps S2002 to S2005 is performed, in step S2006, it isdetermined whether the amount of read data has reached N bytes. The datasize of the ACT is represented by “N−1” bytes. When the data size of theACT is 20 bytes, the process proceeds to step S2008 at the time thevariable N reaches 21. In step S2004, the read data (ACT) is saved inorder to prevent the ACT from being transmitted to the image formingapparatus. Since the ACT is saved in the storage unit until it isaffirmatively determined in step S2006, by later reading and outputtinga history of the saved ACT, a history of printing by thesecurity-unsupported image forming apparatus via a proxy server can beviewed by an external apparatus or the like.

In step S2008 and thereafter, the read data is stored as a print jot inthe transmission queue. If it is determined (YES in step S2010) that theentirety of the print job has been stored in the transmission queue, theprocess finishes.

According to the first embodiment, even for an image forming apparatusthat cannot be provided with an advanced function of interpreting an ACTor the like, a mechanism for flexibly restricting a print job can beprovided.

In addition, an image forming apparatus that is unable to interpret anACT is set to reject reception of data from an apparatus different froma proxy server. A print job which includes no added ACT and which passesthrough no proxy server is prevented from being input to an imageforming apparatus. Rejection of reception of data from the apparatusdifferent from the proxy server is shown in step S2101 in FIG. 21. Inaddition, rejection of reception by the proxy server of a print jobincluding no ACT is shown in step S2102.

Second Embodiment

In the first embodiment, a case in which, as shown in step S410 in FIG.4, a print job is input to the image forming apparatus 103, which cannotinterpret an ACT through the proxy server 106 has been described.However, another form can be assumed. A second embodiment of the presentinvention describes a case in which, even if a print job is input to animage forming apparatus capable of interpreting an ACT, theabove-described proxy server 106 is used.

According to the second embodiment, print job processing requests areput together by the proxy server 106. Thus, when logs of print jobexecution records are collected, compared with the case of collectinginformation from each image forming apparatus, log collection can besimplified by collecting the information from the proxy server 106. Inaddition, a shortened collecting time and reduced network traffic can berealized.

FIG. 22 illustrates an outline of a flow of information betweenapparatuses in a printing system according to the second embodiment.Portions similar to those in FIG. 4 are denoted by identical referencenumerals. In particular, differences from FIG. 4 are described below.

In step S2201, regardless of whether an output destination of a printjob is an image forming apparatus capable of interpreting an ACT, aprint job including an added ACT is transmitted from the client PC 101to the proxy server 106.

When the output destination of the print job received by the proxyserver 106 is the image forming apparatus 104, which can interpret anACT, in step S2202, the proxy server 106 transmits the print job to theimage forming apparatus 104 without deleting the ACT. Alternatively,when the output destination of the print job received by the proxyserver 106 is the image forming apparatus 103, which cannot interpretthe ACT, similarly to the first embodiment, the proxy server 106 deletesthe ACT, and transmits the ACT-deleted print job to the image formingapparatus 103.

A process of the proxy server 106 in the second embodiment is shown inthe flowchart shown in FIG. 23. In FIG. 23, steps similar to those inFIG. 18 are denoted by identical step numbers. A difference from FIG. 18is shown as step S2301 in FIG. 23. In step S2301, it is determinedwhether an image forming apparatus to which the print job is transmittedfrom the proxy server 106 is an image forming apparatus capable ofinterpreting an ACT. If the image forming apparatus to which the printjob is transmitted from the proxy server 106 is an image formingapparatus capable of interpreting the ACT, the print job is queued inthe transmission queue without executing ACT deletion. If the imageforming apparatus to which the print job is transmitted from the proxyserver 106 is not an image forming apparatus capable of interpreting theACT, ACT deletion is performed and the ACT-deleted print job is queuedin the transmission queue.

Third Embodiment

Each of the first and second embodiments describes a case in which anACT is deleted and the ACT-deleted print job is stored in thetransmission queue. The manner of deleting the ACT is not limitedthereto.

FIG. 24 is a flowchart illustrating ACT deletion different from that ineach of the first and second embodiments. Differences of FIG. 24 fromthe flowchart in FIG. 20 are mainly described below.

Although ACT deletion is executed in steps S2401 to S2406, the processin FIG. 24 differs from that in FIG. 20 in that each step is executed inresponse to the start of the print job transmission process. In otherwords, in the process in FIG. 24, the ACT has not been deleted at thetime the print job is queued in the transmission queue from the proxyserver 106, and, when the print job is transmitted, ACT data is excludedfrom what is to be transmitted. In each of steps S2407 to S2409,transmission of the print job excluding the ACT is realized.

Fourth Embodiment

Each of the above-described embodiments describes a case in which, inthe ACT deletion, the ACT is deleted before the proxy server 106finishes transmitting the print job to the image forming apparatus. TheACT deletion is not limited to this manner.

The image forming apparatus may be controlled to discard the ACT withoutdeleting the ACT by the proxy server 106. For control of the ACTdeletion by the proxy server 106, for example, a form in which the ACTis processed so as to be recognized as dummy data by the image formingapparatus, and a form that transmits a command for the image formingapparatus to delete the ACT without processing the ACT can be applied.

Fifth Embodiment

Each of the above-described embodiments describes a case in which, inthe job transmission, the job is not transmitted to the image formingapparatus when the proxy server 106 determines that the input accesscontrol information is not valid or when the proxy server 106 cannotdetect (corresponding to “NO” in step S1805) the access controlinformation. However, the manner of transmission of the job is notlimited thereto. The proxy server 106 may record history of the job andtransmit the job without deleting the access control information whenthe access control information is not valid (corresponding to “NO” instep S1808), or when the access control information is not detected(corresponding to “NO” in step S1805) instead of not transmitting thejob to the image forming apparatus.

In this case, instead of sending back an error in step S1806 (see FIG.18), the proxy server 106 records history indicating the print job,which does not have the valid access control information (“NO” in stepS1805 or “NO” in step S1808), which is input to the proxy server 106.

On condition of recording the history, the proxy server 106 transmitsthe job to the image forming apparatus. The recording can be performedat different times. For example, the proxy server 106 can record thehistory before, after, or during the transmission of the job.

The above-described history includes a plurality of attributes of thejob, for example, a job name, a user name of the job, a job executiontime, a computer name. In addition, the system management server 107 canacquire the recorded history from the proxy server 106 via the LAN 108,and can display the acquired history on the display screen. Bydisplaying the acquired history, a manager can confirm a history ofinappropriate jobs input to the proxy server 106. This deters executionof an inappropriate job at some level.

According to the fifth embodiment, even for an image forming apparatusthat cannot be provided with an advanced function of interpreting an ACTor the like, a mechanism for flexibly restricting a print job can beprovided even if the access control information is not deleted by theproxy server 106.

In addition, according to the fifth embodiment, a user can designateprinting more flexibly compared with each of the above-describedembodiments when the access control information is not acquired from theauthentication server 102 under a certain reason and urgent printing isrequired.

Other Embodiments

In order for various devices to operate for realizing the functions ofthe above-described embodiments, provision of a computer (in anapparatus or system connected to the various devices) with program codeof software for realizing the functions is also included within thescope of the present invention. In addition, an embodiment practiced byoperating the various devices in accordance with a program stored in thecomputer (CPU (central processing unit) or MPU (microprocessor unit)) inthe apparatus or system is also included in the scope of the presentinvention.

In addition, in this case, the program code of the software itselfrealizes the functions of the above-described embodiments. Furthermore,the program code itself, and means for providing the program code withthe computer, for example, a recording medium containing the programcode, may comprise the present invention. Recording media that containthe program code include, for example, a flexible disk, a hard disk, anoptical disk, a magneto-optical disc, a CD-ROM (compact-disc read-onlymemory), a magnetic tape, a nonvolatile memory card, a ROM, and a DVD(digital versatile disc).

In addition, even if the program code realizes the functions of theabove-described embodiments in cooperation with an OS (operating system)running on the computer or with different application software, theprogram code is included in the scope of the present invention.

Furthermore, the provided program code is stored in a memory on afunction expansion board of the computer or in a function expansion unitconnected to the computer. Definitely, a case in which the functions ofthe above-described embodiments are realized such that a CPU or the likeon the function expansion board or in the function expansion unitperforms all or part of actual processing on the basis of instructionsof the program code is also included in the present invention.

The above-described embodiments simply represent specific examples ofpracticing the present invention. As many apparently widely differentembodiments of the present invention can be made without departing fromthe spirit and scope thereof, it is to be understood that the inventionis not limited to the specific embodiments thereof except as defined inthe claims.

While the present invention has been described with reference toexemplary embodiments, it is to be understood that the invention is notlimited to the disclosed exemplary embodiments. The scope of thefollowing claims is to be accorded the broadest interpretation so as toencompass all modifications, equivalent structures and functions.

This application claims the benefit of Japanese Application No.2006-141622 filed May 22, 2006, and Japanese Application No. 2007-102944filed Apr. 10, 2007, which are hereby incorporated by reference hereinin their entirety.

1. An information processing apparatus for performing print jobtransmission to an image forming apparatus, the information processingapparatus comprising: a detection unit configured to detect accesscontrol information of the print job; a determination unit configured todetermine whether or not the access control information detected by thedetection unit is valid; a deletion unit configured to perform deletingthe access control information detected by the detection unit anddetermined to be valid by the determination unit; and a transmissionunit configured to transmit, to the image forming apparatus, the printjob with the access control information deleted.
 2. The informationprocessing apparatus according to claim 1, wherein the transmission unitdoes not transmit, to the image forming apparatus, the print job whenthe determination unit determines that the detected access controlinformation is not valid or when the detection unit does not detect theaccess control information.
 3. The information processing apparatusaccording to claim 1, further comprising a recording unit adapted torecord history of the print job which is determined that the accesscontrol information is not valid or that the access control informationhas not been detected; and wherein the transmission unit transmits, tothe image forming apparatus, the print job with the access controlinformation deleted by recording the history by the recording unit. 4.The information processing apparatus according to claim 1, wherein theimage forming apparatus is set so as to reject data input from anapparatus different from the information processing apparatus.
 5. Theinformation processing apparatus according to claim 1, wherein thetransmission unit saves the access control information in a storagesection included in the information processing apparatus so that theaccess control information is not transmitted.
 6. The informationprocessing apparatus according to claim 1, wherein, when a transmissiondestination to which the print job is transmitted is capable ofinterpreting the access control information, the deletion unit transmitsthe print job without deleting the access control information.
 7. Theinformation processing apparatus according to claim 1, wherein thedetected access control information is valid when time-limit informationincluded in the access control information is within a time limit, or adigital signature representing access control information issuerincluded in the access control information is identified.
 8. Theinformation processing apparatus according to claim 1, wherein thedeletion unit performs processing so as to allow the image formingapparatus to discard the access control information.
 9. A printingsystem comprising: the information processing apparatus as set forth inclaim 1; and a management apparatus, wherein the management apparatuscomprises: a search unit configured to perform a search to find an imageforming apparatus that does not match the access control information; asetting unit configured to set the found image forming apparatus as aprint job output destination to which the print job is transmitted fromthe information processing apparatus; and a delivery unit configured todeliver, to a client computer, a setup program for a printer driverusing the information processing apparatus as a print job transmissiondestination to which a print job is transmitted from the clientcomputer.
 10. A printing system comprising: an authentication serverconfigured to be capable of communicating with a client computer; a jobcontrol server configured to receive a print job from the clientcomputer; and an image forming apparatus configured to receive the printjob from the job control server, and prints out the received print job,wherein: the authentication server includes: a request receiving unitconfigured to receive a request for access control informationrepresenting permission to execute the print job from the clientcomputer; and an issuing unit configured to perform authenticating thereceived request and issuing the access control information to theclient computer; the job control server includes: an input unitconfigured to input the print job from the client computer, the printjob including the access control information; a detection unitconfigured to detect the access control information from the input printjob; a determination unit configured to determine whether or not theaccess control information detected by the detection unit is valid; adeletion unit configured to perform deleting the access controlinformation detected by the detection unit and determined to be valid bythe determination unit; and a transmission unit configured to transmit,to the image forming apparatus, the print job with the access controlinformation deleted; and the image forming apparatus includes a printoutunit configured to perform receiving the print job transmitted from thetransmission unit, and producing a printout based on the received printjob.
 11. A program to be executed by a computer that performs print jobtransmission to an image forming apparatus, the program being stored ina medium embedded in the computer, the program including program codecomprising the steps of: detecting access control information of theprint job; determining whether or not the detected access controlinformation is valid; deleting the access control information detectedin the detection step and determined to be valid in the determinationstep; and transmitting, to the image forming apparatus, the print jobwith the access control information deleted.
 12. The program accordingto claim 11, wherein, in the transmitting step, the print job is nottransmitted to the image forming apparatus when the determination stepdetermines that the detected access control information is not valid orwhen the detection step does not detect the access control information.13. The program according to claim 11, further comprising the step of:recording history of the print job which is determined that the accesscontrol information is not valid or which the access control informationis not been detected; and wherein transmission step transmits, to theimage forming apparatus, the print job with the access controlinformation deleted by recording the history.
 14. The program accordingto claim 11, wherein the image forming apparatus is set so as to rejectdata input from an apparatus different from an information processingapparatus that executes the transmitting step.
 15. The program accordingto claim 11, wherein, in the transmitting step, the identified accesscontrol information is saved in a storage unit so that the accesscontrol information is not transmitted.
 16. The program according toclaim 11, wherein, in the deleting step, when a print job transmissiondestination to which the print job is transmitted is capable ofinterpreting the access control information, the print job istransmitted without deleting the access control information.
 17. Theprogram according to claim 11, wherein the access control information isvalid when time-limit information included in the access controlinformation is within a time limit, or a digital signature representingan access control information issuer included in the access controlinformation is identified.
 18. The program according to claim 11,wherein, in the deleting step, the access control information isprocessed so that the image forming apparatus discards the accesscontrol information.
 19. The program according to claim 11, furthercomprising the steps of: searching to find an image forming apparatusthat does not match the access control information; setting the foundimage forming apparatus as a print job output destination to which theprint job is transmitted from a computer; and delivering, to a clientcomputer, a setup program for a printer driver using the computer as aprint job transmission destination to which the print job istransmitted.
 20. A program stored in a medium embedded in a computer,the program including code comprising the steps of: authenticating arequest for access control information representing permission toexecute a print job, and issuing the access control information;inputting a print job including the access control information;detecting the access control information from the input print job;determining whether or not the detected access control information isvalid; deleting the detected access control information detected in thedetection step and determined to be valid in the determination step;outputting, to an image forming apparatus, the print job with the accesscontrol information deleted; and producing a printout based on theoutput print job.
 21. A job processing method for a printing system, thejob processing method comprising the steps of: detecting access controlinformation of print job; determining whether or not the detected accesscontrol information is valid; deleting the access control informationdetected in the detection step and determined to be valid in thedetermination step; and outputting, to an image forming apparatus, theprint job with the access control information deleted; and producing aprintout based on the output print job.